In today's world of eternal cybercrime, hacker attacks are becoming more and more sophisticated from day to day. That is why now we would like to tell you more about watering hole attacks - what they are and how you can protect yourself from this type of cyber-attack.
The watering hole attack is used by hackers to infect a specific group of victims or a particular target.
According to cybersecurity experts, using this method, hackers first observe those websites that the targeted victim or group often visits. In this way, they choose exactly which websites to infect with malware, and then begin to look for available vulnerabilities in the attacked sites in terms to be able to inject malicious code into their ads or banners.
This malicious code redirects the attacked groups to an infected phishing site. When victims visit this phishing site, a malicious script is automatically downloaded to their devices.
During this type of cyberattack, the use of different malware was observed, but most often the malware has the ability to steal attacked group's personal data, and then sends the stolen information to the hacker's C&C server. The used malware can often provide hackers with full access to victims' systems.
Famous Watering hole attacks
Examples of successful attacks of this type are tremendous, but we chose only a few to show you how serious the damage could be:
- Last year, the OceanLotus hacker group has been able to compromise through watering hole attacks nearly 21 sites, including the sites of the Ministry of Defense of Cambodia, the Ministry of Foreign Affairs and International Cooperation of Cambodia.
- Using watering hole attacks the infamous Lazarus hacker group managed to penetrate the systems of many financial institutions in countries such as Poland, Mexico, the United Kingdom, Mexico, Brazil, Chile, and the United States in 2017. The malware was specifically designed to attack victims whose IPs are owned by 104 organizations from 31 countries.
- Obviously, fame is not helpful in this regard, as popular sites such as Facebook, Twitter, Microsoft, and Apple have been exploited to make watering hole attacks in 2013, and so this method certainly poses a serious risk to our cybersecurity.
Can we protect ourselves from a watering hole attack?
There are several actions that we could take to protect ourselves if we become the target of hackers exactly by watering hole attack. AMATAS advises you to pay attention to each of them, as they are just basic and do not require any extra effort or resources.
- As we have repeatedly recommended for the good level of cybersecurity, it is important that software, including the operating system, is regularly updated, as many of the update releases are specifically designed to ensure consumer safety.
- Choose a cybersecurity company with a good public image to take over the tests on your organization's sites. You should start checking for malware from your own sites.
- For a good level of cybersecurity, you need also to monitor all the websites your employees often visit, and make sure that these sites do not contain any malware.
- Ensure that firewalls and other network security products are configured correctly.
- You can improve the protection level using a VPN for your online activities.
- Use security tools appropriate to your needs to notify your employees if they come across compromised sites.
- It is also advisable for your employees to have a professional information security training in order to be able to recognize the risks they are exposed online to on a daily basis, as they could also help to keep the safety of your information and funds.
- With current cybersecurity solutions your security team can in real time identify and block ill intensions from developing. For example, your security experts can catch the attempt of a potentially poisoned website to install malicious code on the device of an employee within the corporate network. By blocking it, they keep the infrastructure of the organization safe. We will soon tell you more about these solutions and their benefits.